Ensure Tencent Cloud CVM instances do not use the default security group
Description
This policy checks whether Tencent Cloud CVM instances use the default security group. Using the default security group can pose a security risk as it may not be configured to meet the specific security requirements of the instance. It is recommended to create and use custom security groups to ensure proper access control and network security. By not using the default security group, you can better manage and restrict inbound and outbound traffic to your instances.
Code Example
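```terraform
# Custom security group with rules scoped to this workload.
resource "tencentcloud_security_group" "example" {
  name        = "example-sg"
  description = "example security group"
}

# Attach the custom group explicitly instead of relying on the default one.
# Other instance arguments are omitted here for brevity.
resource "tencentcloud_instance" "example" {
  security_groups = [tencentcloud_security_group.example.id]
}
```
Remediation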
Create a custom security group and assign it to the CVM instance instead of using the default security group.
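One way to audit a plan for this condition outside the policy engine (an added example, not Checkov's or this rule's own implementation): it reads the `configuration` section of `terraform show -json` output and flags `tencentcloud_instance` resources that set neither `security_groups` nor `orderly_security_groups`. It assumes an instance created with no security group argument ends up in the default group; the function names and the sample plan are constructed for illustration.

```python
import json

# Arguments that attach security groups to a tencentcloud_instance.
SG_ATTRS = ("security_groups", "orderly_security_groups")

def _walk(module, prefix=""):
    """Yield (full address, resource config) for a module and its children."""
    for res in module.get("resources", []):
        yield prefix + res["address"], res
    for name, call in module.get("module_calls", {}).items():
        yield from _walk(call.get("module", {}), f"{prefix}module.{name}.")

def _is_set(expr):
    """True if the argument is written in the config with a non-empty value."""
    if not expr:
        return False
    return bool(expr.get("references")) or bool(expr.get("constant_value"))

def instances_without_custom_sg(plan):
    """Return addresses of CVM instances that set no security group."""
    # Read "configuration", not planned values, so only arguments written
    # in the .tf files count and provider-computed values are ignored.
    root = plan.get("configuration", {}).get("root_module", {})
    flagged = []
    for address, res in _walk(root):
        if res.get("mode") != "managed" or res.get("type") != "tencentcloud_instance":
            continue
        exprs = res.get("expressions", {})
        if not any(_is_set(exprs.get(a)) for a in SG_ATTRS):
            flagged.append(address)
    return flagged

# Constructed sample plan, trimmed to the keys the check reads.
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {
  "resources": [
    {"address": "tencentcloud_instance.example", "mode": "managed",
     "type": "tencentcloud_instance", "expressions": {"security_groups":
       {"references": ["tencentcloud_security_group.example.id"]}}},
    {"address": "tencentcloud_instance.bare", "mode": "managed",
     "type": "tencentcloud_instance", "expressions": {}},
    {"address": "tencentcloud_instance.empty", "mode": "managed",
     "type": "tencentcloud_instance",
     "expressions": {"orderly_security_groups": {"constant_value": []}}}],
  "module_calls": {"web": {"module": {"resources": [
    {"address": "tencentcloud_instance.node", "mode": "managed",
     "type": "tencentcloud_instance", "expressions": {}}]}}}}}}
""")
```

An explicitly empty list is treated the same as a missing argument, and instances declared inside child modules are reported with their `module.<name>.` prefix.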
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1321 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | tencentcloud_instance |
| Checkov ID | CKV_TC_4 |